# HG changeset patch
# User Mads Kiilerich
# Date 1438350247 -7200
# Node ID caaf0d07c16840dc3f1fe5d3743a5d0214868eb5
# Parent 8ccc02375c0dd6eefab3998fea0bbab542f9ac8f
auth: make ValidPasswordsMatch more explicit and strict about which fields are being checked
diff -r 8ccc02375c0d -r caaf0d07c168 kallithea/model/forms.py
--- a/kallithea/model/forms.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/model/forms.py Fri Jul 31 15:44:07 2015 +0200
@@ -102,6 +102,8 @@
 v.UnicodeString(strip=False, min=6, not_empty=False),
 )
 admin = v.StringBoolean(if_missing=False)
+ chained_validators = [v.ValidPasswordsMatch('new_password',
+ 'password_confirmation')]
 else:
 password = All(
 v.ValidPassword(),
@@ -111,6 +113,8 @@
 v.ValidPassword(),
 v.UnicodeString(strip=False, min=6, not_empty=False)
 )
+ chained_validators = [v.ValidPasswordsMatch('password',
+ 'password_confirmation')]
 active = v.StringBoolean(if_missing=False)
 firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
@@ -118,7 +122,6 @@
 email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
 extern_name = v.UnicodeString(strip=True)
 extern_type = v.UnicodeString(strip=True)
- chained_validators = [v.ValidPasswordsMatch()]
 return _UserForm
@@ -196,7 +199,8 @@
 lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
 email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
- chained_validators = [v.ValidPasswordsMatch()]
+ chained_validators = [v.ValidPasswordsMatch('password',
+ 'password_confirmation')]
 return _RegisterForm
diff -r 8ccc02375c0d -r caaf0d07c168 kallithea/model/validators.py
--- a/kallithea/model/validators.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/model/validators.py Fri Jul 31 15:44:07 2015 +0200
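Review bot: In kallithea/model/forms.py the field names passed to `v.ValidPasswordsMatch(...)` are plain strings that have to stay in step with the attributes declared in the same class body, and nothing in the visible lines ties the two together. This applies to the edit branch of `_UserForm` (`'new_password'`), its `else:` branch (`'password'`) and `_RegisterForm`. A short comment above each `chained_validators` line would make the coupling explicit, for example `# field names must match the password attributes declared in this branch`. The class bodies start and end outside these hunks, so the matching declarations (presumably `new_password` in the edit branch) are only partly visible.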
@@ -280,19 +280,17 @@
 return _validator
-def ValidPasswordsMatch(passwd='new_password', passwd_confirmation='password_confirmation'):
+def ValidPasswordsMatch(password_field, password_confirmation_field):
 class _validator(formencode.validators.FancyValidator):
 messages = {
 'password_mismatch': _('Passwords do not match'),
 }
 def validate_python(self, value, state):
-
- pass_val = value.get('password') or value.get(passwd)
- if pass_val != value[passwd_confirmation]:
+ if value.get(password_field) != value[password_confirmation_field]:
 msg = M(self, 'password_mismatch', state)
 raise formencode.Invalid(msg, value, state,
- error_dict={passwd:msg, passwd_confirmation: msg}
+ error_dict={password_field:msg, password_confirmation_field: msg}
 )
 return _validator
diff -r 8ccc02375c0d -r caaf0d07c168 kallithea/tests/functional/test_login.py
--- a/kallithea/tests/functional/test_login.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/tests/functional/test_login.py Fri Jul 31 15:44:07 2015 +0200
@@ -298,7 +298,7 @@
 'email': 'goodmailm@test.plxa',
 'firstname': 'test',
 'lastname': 'test'})
- msg = validators.ValidPasswordsMatch()._messages['password_mismatch']
+ msg = validators.ValidPasswordsMatch('password', 'password_confirmation')._messages['password_mismatch']
 response.mustcontain(msg)
 def test_register_ok(self):
diff -r 8ccc02375c0d -r caaf0d07c168 kallithea/tests/other/test_validators.py
--- a/kallithea/tests/other/test_validators.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/tests/other/test_validators.py Fri Jul 31 15:44:07 2015 +0200
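Review bot: In `validate_python` in kallithea/model/validators.py the two fields are read differently: `value.get(password_field)` tolerates a missing key, while `value[password_confirmation_field]` raises KeyError instead of `formencode.Invalid` when the confirmation key is absent. Whether the schemas can reach this validator without both keys is not visible here, but now that the factory accepts arbitrary field names a misspelled name would either compare as None or surface as an unhandled exception. Reading both the same way, e.g. `if value.get(password_field) != value.get(password_confirmation_field):`, or documenting that the asymmetry is deliberate, would make the contract clear. A docstring on `ValidPasswordsMatch` such as `"""Chained validator: fail unless the two named form fields hold equal values."""` would also help now that the defaults are gone.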
@@ -100,9 +100,9 @@
 self.assertRaises(formencode.Invalid, validator.to_python, 'ąćżź')
 def test_ValidPasswordsMatch(self):
- validator = v.ValidPasswordsMatch()
+ validator = v.ValidPasswordsMatch('new_password', 'password_confirmation')
 self.assertRaises(formencode.Invalid,
- validator.to_python, {'password': 'pass',
+ validator.to_python, {'new_password': 'pass',
 'password_confirmation': 'pass2'})
 self.assertRaises(formencode.Invalid,
@@ -114,9 +114,9 @@
 validator.to_python({'new_password': 'pass',
 'password_confirmation': 'pass'}))
- self.assertEqual({'password': 'pass',
+ self.assertEqual({'new_password': 'pass',
 'password_confirmation': 'pass'},
- validator.to_python({'password': 'pass',
+ validator.to_python({'new_password': 'pass',
 'password_confirmation': 'pass'}))
 def test_ValidAuth(self):
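Review bot: The updated `test_ValidPasswordsMatch` no longer passes any dict that carries a `password` key in the visible lines, so nothing pins the stricter behaviour this commit introduces. The removed validator code fell back to `value.get('password')`, which meant a stray `password` equal to the confirmation could mask a differing `new_password`. A regression case would lock that in, for example `self.assertRaises(formencode.Invalid, validator.to_python, {'password': 'pass', 'new_password': 'other', 'password_confirmation': 'pass'})`. The test method continues between the two hunks, outside the visible lines, so an equivalent case may already exist there.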